2 $path_priv="/home/lace/priv/";
3 $getget=isset($_REQUEST["_getget"]);
4 $wherename=($getget ? "_getget" : "_postget");
5 $where=$_REQUEST[$wherename];
6 unset($_REQUEST[$wherename]);
8 foreach ($_REQUEST as $key=>$val) {
9 if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
10 $permit=array("127.0.0.1"=>1,"192.168.192.1"=>1,"192.168.90.11"=>1,"192.168.90.12"=>1);
11 if (!$permit[$_SERVER["REMOTE_ADDR"]])
13 ." REMOTE_ADDR=".htmlspecialchars($_SERVER["REMOTE_ADDR"])
14 .",key=".htmlspecialchars($key)
15 .",val=".htmlspecialchars($val)
19 $_REQUEST[$key]=chop(join(" ",file($path_priv.$matched[1],false/*use_include_path*/)));
25 foreach ($_REQUEST as $key=>$val) {
26 $where.="${first}".urlencode($key)."=".urlencode($val);
29 header("Location: $where");
31 header("Content-type: text/html");
32 print('<?xml version="1.0" encoding="iso-8859-1"?>'."\n");
34 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
35 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
36 <head><title>postget</title></head>
41 ."<body onload=\"window.location.href=document.links[0].href;\"><p>\n"
42 ."<a href=\"".htmlspecialchars($where)."\">get</a>\n"
47 ."<body onload=\"document.forms[0].submit();\">\n"
48 ."<form action=\"".htmlspecialchars($where)."\" method=\"post\"><p>\n");
49 foreach ($_REQUEST as $key=>$val)
50 print("<input type=\"hidden\" name=\"".htmlspecialchars($key)."\" value=\"".htmlspecialchars($val)."\" />\n");
51 print("<input type=\"submit\" />\n");
52 print("</p></form></body>\n");